2.5 Billion users on Risk; A disturbing Truth

Google has recently released an alert to its 2.5 billion users to change their password owing to heightened hacking attempts and successful intrusions. The stolen or compromised passwords have accounted for up to 37% of the company’s entire consumer base. 

The Tried and Tested Trick

Even in this age of modern technological awareness, it’s quite interesting that hacks are resorting to the same old trick of impersonating themselves as someone else and extracting information in the most basic and manual way possible. As in this case, the breach by ShinyHunters was committed when hackers impersonated Google’s support agent and exploited the personal information of the users. If we zoom out a little, it is more difficult to identify an attack of such nature than to instantly discover a corrupted image from an unknown contact, a bug file, or bait thumbnail. 

Human Error, Not High-Tech Wizardry

The most interesting aspect of this attack is the fact that it tells a lot about a very “under-discussed” issue of password protection; the human complacency. Google has expressed that even after reiterating and emphasizing time and again, around 64% of users still don’t change their password and only a handful, as little as one-third adopt a more advanced passkey which is a more sophisticated and equipped option against such phishing attacks.

The company has also been pushing the users to adopt biometric or device-based password options, but it appears that familiar convenience is prioritized over protection. Many researches from credible sources such as inforsecurity, Dashlane, and others emphasize how the sluggish psychology of not changing or improving the password for years play an important part in increasing the risks of cyberattacks. This means that human error, not high tech wizardry is attackers’ sharpest tool even in this age. 

The Recurrent Breaches

Hasn’t the news of cyber attacks and breaches become frequent? It’s like the more we are moving forward towards technology dependence, the more we are becoming prone to such vulnerability. In this year alone there have been some massive level breaches such as Google and Microsoft’s Zero days, the leak of 19 billion passwords, Russian hackers attacking whatsapp of many ministers worldwide, and Apple’s recurring ZeroDays. 

It’s a reminder that even with the advancement of technology and tech-giant flushing billions of dollars in their cyber-security; all of it crumbles in the face of a well-executed cyber attack. 

Trust and Digital Hygiene

One rarely discussed issue here is the philosophy of security itself. After every attack we pinpoint the entire discussion around technological problems and its fix (which is legit as well). But, users treat password update and virtual care as a chore and not digital hygiene. When we fall ill, we don’t leave everything to the doctor but we actively avoid things that could feed the ailment and adopt habits that would help it go away. But for our digital footprint security, we have left everything entirely to the companies and consider ourselves off the hook of blame in case of any mishap. We need to get one thing straight, corporations won’t mop our mess for us, especially the ones we are also responsible to clean regularly; update, improve, and secure authentication processes.